Date / references Thales Norway AS Thales Norway AS NISnet Kick-off UiB 10. oktober 2007 Leif...
-
Upload
janice-postlethwait -
Category
Documents
-
view
287 -
download
4
Transcript of Date / references Thales Norway AS Thales Norway AS NISnet Kick-off UiB 10. oktober 2007 Leif...
date
/ re
fere
nce s
Thales Norway AS
Thales Norway ASNISnet Kick-offUiB 10. oktober 2007Leif Nilsen
2
date
/ re
fere
nce s
Th
is d
ocu
men
t is
the
pro
pert
y o
f Th
ales
Gro
up
an
d m
ay
not b
e co
pie
d or
co
mm
uni
cate
d w
ithou
t writ
ten
con
sen
t of T
hale
s
Thales Norway AS
Thales
Thales
Internasjonalt konsern medhovedkontor i Frankrike
68 000 ansatte i tre forretningsområder
Omsetning >10.2 milliarder Euro (2006)
Thales Norway
Heleid datterselskap med 185 ansatte
Kontorer i Oslo, Trondheim og Stavanger
Produktutvikling, systemintegrasjon, tjenester
Største produktområder Sikkerhetsløsninger – krypto - MMS Kommunikasjonsnettverk
Defence
Aerospace
Security
Thales Norway er verdensledende på leveranserav High Grade krypto til NATO (-land)
3
date
/ re
fere
nce s
Th
is d
ocu
men
t is
the
pro
pert
y o
f Th
ales
Gro
up
an
d m
ay
not b
e co
pie
d or
co
mm
uni
cate
d w
ithou
t writ
ten
con
sen
t of T
hale
s
Thales Norway AS
1956
ETCRRM
TCE 300
1987
1993
TCE 500
Selma
1960
Cryptel 240
1967
KTP 3
1963
TCE 160
Cryptel 245
1970
1999
TCE 621
1997
TCE 611
Historical Product Overview - Security
TCE 520RACE 1978
Cryptel 265
2002
EKMS
TVPN
4
date
/ re
fere
nce s
Th
is d
ocu
men
t is
the
pro
pert
y o
f Th
ales
Gro
up
an
d m
ay
not b
e co
pie
d or
co
mm
uni
cate
d w
ithou
t writ
ten
con
sen
t of T
hale
s
Thales Norway AS
Cryptel®-IP family
High grade crypto device for IP based data networks Approved by Norwegian National Security
Authorities for all security levels Approved by NATO for all security levels
– including Cosmic Top Secret
7000 units sold Used in national networks in 21 countries
Prepared for Dual Algorithms / national adaptation and evaluation
Main functions (TCE 621, TCE 621/B & TCE 621/C) Supports both IPv4 and IPv6 Electronic and/or manual key distribution Removable crypto ignition key Tamper protected case Tempest according to AMSG 720B NATO approved crypto algorithm
TCE 621 - 10 Mb/s
TCE 621/B - 100 Mb/s – TCE 621/C - 1 GB/s
TCE 621 the NATO standard IP crypto equipment
5
date
/ re
fere
nce s
Th
is d
ocu
men
t is
the
pro
pert
y o
f Th
ales
Gro
up
an
d m
ay
not b
e co
pie
d or
co
mm
uni
cate
d w
ithou
t writ
ten
con
sen
t of T
hale
s
Thales Norway AS
Cryptel®-IP family components
Data rate
10 Mbps
Throughput
>6 Mbps
Internal power
AUI interface
NATO approved for CTS
Selected as NICE
TCE 621(GEN-1-17)
TCE 6212nd generation
Characteristics as1st generation
Additional features
Multicast
Redundancy
NAT / UDP encaps.
ACR load
SW upgradeable locally
TCE 621/B
Fully compatible with 10 Mbps version
Data rate 10/100 Mbps
Throughput~100 Mbps~100.000 pps
External power Ethernet / Fibre
interface Approved for Secret,
target CTS Central SW upgrade Prepared for
new/dual algorithms
TCE 621/C
Fully compatible with 10 Mbps version
Data rate 10/100/1000 Mbps
Throughput>300 Mbps~100.000 pps
External power Ethernet / Fibre
interface Approved for
Secret, target CTS Central SW upgrade Prepared for
new/dual algorithms
6
date
/ re
fere
nce s
Th
is d
ocu
men
t is
the
pro
pert
y o
f Th
ales
Gro
up
an
d m
ay
not b
e co
pie
d or
co
mm
uni
cate
d w
ithou
t writ
ten
con
sen
t of T
hale
s
Thales Norway AS
TCE 621
TCE 621
TCE 671
TCE 621 KP TCE 621 FE
Wide Area
Network
(WAN)
Cryptel®-IP family today
Examples of available functionality
TCE 621/B
TCE 621/B
Networkprotection
Host protection
Real timeapplications
Out of areaoperations
QoS-router
Security Management Center
Tacticalnetworks
Redundancy
Network managerinterface
NAT-traversal
Multicast
TCE 621
7
date
/ re
fere
nce s
Th
is d
ocu
men
t is
the
pro
pert
y o
f Th
ales
Gro
up
an
d m
ay
not b
e co
pie
d or
co
mm
uni
cate
d w
ithou
t writ
ten
con
sen
t of T
hale
s
Thales Norway AS
SubDA
TCE 621TCE 621
NDA
TCE 621TCE 621
LDA
TCE 621TCE 621
eCustodian System KeyProductionEquipments
KPE
ADS clientMMHSServer
ADS serverMMHS client
KPE
ADS serverMMHS clientADS server
MMHS client
IP networkIP network
Reproduction PC
KPEDTD
8
date
/ re
fere
nce s
Th
is d
ocu
men
t is
the
pro
pert
y o
f Th
ales
Gro
up
an
d m
ay
not b
e co
pie
d or
co
mm
uni
cate
d w
ithou
t writ
ten
con
sen
t of T
hale
s
Thales Norway AS
OTA i VCS
Cryptounit
Cryptounit
LANLAN
LANLAN
VCF
MFT
OTA
VCF
MFT
OTA
VCF
MFT
OTA
VCF
MFT
OTA
VCF
MFT
OTA
VCF
MFT
OTA
Non-secureRadio and TelephoneSwitching
Non-secureRadio and TelephoneSwitching
RemoteRadio
TelephoneNetwork
SecureRadio and TelephoneSwitching
Cryptounit
Cryptounit
Cryptounit
Cryptounit
Non-secure switching network
Secure switching network
RadioTransmissionNetwork
LocalRadio
9
date
/ re
fere
nce s
Th
is d
ocu
men
t is
the
pro
pert
y o
f Th
ales
Gro
up
an
d m
ay
not b
e co
pie
d or
co
mm
uni
cate
d w
ithou
t writ
ten
con
sen
t of T
hale
s
Thales Norway AS
NNEC challenges
Cross Domain Solutions (CDS) Information exchange between security domains
Trusted platforms, MLS (MILS), Content/role based access Object labelling, XML security
Flexible and dynamic infrastructure Protected Core Networking (PCN)
Prevention of unauthorized traffic
End-to-end QoS Extended core, Object level protection
Key management Number of keys, flexibility and speed
10
date
/ re
fere
nce s
Th
is d
ocu
men
t is
the
pro
pert
y o
f Th
ales
Gro
up
an
d m
ay
not b
e co
pie
d or
co
mm
uni
cate
d w
ithou
t writ
ten
con
sen
t of T
hale
s
Thales Norway AS
Aktuelle problemstillinger
Implementasjon med maksimal tillit (assurance) Design for evaluering Fleksible implementasjoner Interoperabilitet
SCIP HAIPE EKMS
Høyhastighetskrypto (> 10 Gbps) Nettverksutfordringer (NEC, AdHoc) Dual Mode